Content Analysis - Inbound Mail

Last updated on 2025-11-07 11:15:27

If you make setting changes, allow a few minutes for the changes to take effect.

Email Gateway Defense enables administrators to set custom content filters for inbound messages based on message content and attachment file name or MIME type, and specify whether to block, quarantine, or ignore password protected archive files and messages containing password protected Microsoft attachments. See the Inbound Settings > Content Policies page for settings.

Attachment Filters

For inbound mail, you can filter attachments based on File Name or MIME Type.

Password Protected Archive Filtering

For inbound mail, you can select to block, quarantine, or ignore messages containing archive file attachments. Selecting Ignore means that the service does not look for, or act on, emails with attachments that require a password to unpack.

Password Protected Microsoft Documents

For inbound mail, you can select to block, quarantine, or ignore messages containing password protected Microsoft documents. Selecting Ignore means that the service does not look for, or act on, emails that contain password protected Microsoft documents.

Password Protected PDF Documents

For inbound mail, you can select to block, quarantine, or ignore messages containing password protected PDF documents. Selecting Ignore means that the service does not look for, or act on, emails that contain password protected PDF documents.

Message Content Filters

Note: In the classic user interface, you can add duplicate patterns with different match criteria. However, the new user interface eliminates this option to simplify policy processing. Existing duplicates from the classic user interface will remain active, but you must remove them and create a new policy to change the action for a specific pattern. According to Inbound Email Precedence, Email Gateway Defense evaluates all Allow policies in Message Content Filters first; if no Allow pattern matches, it then evaluates Block and Quarantine policies.

Inbound

Base message content filtering on any combination of subject, headers, body, attachments, sender or recipient filters, and you can specify actions to take with messages based on pre-made patterns (regular expressions) in the subject line, headers, message body, sender or recipient lines. See Regular Expressions for text patterns you can use for advanced filtering.

Attachment Content Filtering is limited to text type files such as most MS Office files, html, pdf files, and other document files.

Note that HTML comments and tags embedded between characters in the HTML source of a message are filtered out so that content filtering applies to the actual words as they appear when viewed in a web browser.

Outbound

Customize content filtering based on any combination of subject, headers, body, attachments, sender, or recipient, and apply to outbound mail. See the Outbound Settings > Content Policies page for settings. Filter actions for outbound mail include Block, Allow, Quarantine, Encrypt, and Do not encrypt.

Messages that meet the Quarantine criteria are sent to the Outbound Quarantine for the administrator to evaluate. Messages can then be viewed, delivered, rejected, deleted, or exported from the Overview > Outbound Quarantine page.

Enter filter patterns and select to Block, Allow, Quarantine, Encrypt, or Do not encrypt for Subject, Headers, Body, Attachments, Sender, or Recipient. Note that Header filters are applied to both the header name and content of any header, while the Subject filters only scan the contents of the Subject header. Use regular expressions as well as the following special characters:

. [ ] \ * ? $ ( ) | ^ @

See Regular Expressions for text patterns you can use for advanced filtering.

When using the above special characters, you must escape each character with a backslash ("\").

Attachment Content Filtering is limited to text type files such as most MS Office files, html, pdf files, and other document files.